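/**
 * A function to convert the $_SERVER['REMOTE_ADDR'] global variable
 * from the current value to the real remote viewer's value, should
 * that viewer be coming via an HTTP proxy.
 *
 * Only performs this conversion if the option to do so is set in the
 * configuration file ($conf['logging']['proxyLookup']).
 *
 * Security note: every header read here (Via, Forwarded, X-Forwarded-For,
 * Client-IP, ...) arrives with the request, and nothing in this function
 * checks that the directly connected peer is a proxy the operator trusts.
 * With the option enabled, REMOTE_ADDR is therefore a value the viewer can
 * influence. Do not base access control, rate limiting or fraud decisions
 * on it unless the web server or load balancer in front of this code
 * strips or overwrites these headers for untrusted peers.
 *
 * Side effects: may overwrite $_SERVER['REMOTE_ADDR'] and blank
 * $_SERVER['REMOTE_HOST'] and $_SERVER['HTTP_VIA'].
 *
 * @return void
 */
function MAX_remotehostProxyLookup()
{
    $conf = $GLOBALS['_MAX']['CONF'];
    // Should proxy lookup conversion be performed?
    if (!$conf['logging']['proxyLookup']) {
        return;
    }
    OX_Delivery_logMessage('checking remote host proxy', 7);

    // Determine if the viewer has come via an HTTP proxy
    $proxy = false;
    if (!empty($_SERVER['HTTP_VIA']) || !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $proxy = true;
    } elseif (!empty($_SERVER['REMOTE_HOST'])) {
        // Fall back to a substring match on the reverse-resolved host name
        $aProxyHosts = array('proxy', 'cache', 'inktomi');
        foreach ($aProxyHosts as $proxyName) {
            if (strpos($_SERVER['REMOTE_HOST'], $proxyName) !== false) {
                $proxy = true;
                break;
            }
        }
    }

    // Has the viewer come via an HTTP proxy?
    if (!$proxy) {
        return;
    }
    OX_Delivery_logMessage('proxy detected', 7);

    // Try to find the "real" IP address the viewer has come from;
    // the first non-empty header in this order is the only one used
    $aHeaders = array('HTTP_FORWARDED', 'HTTP_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP');
    $forwarded = '';
    foreach ($aHeaders as $header) {
        if (!empty($_SERVER[$header])) {
            $forwarded = $_SERVER[$header];
            break;
        }
    }
    if (empty($forwarded)) {
        return;
    }

    // The "remote IP" may be a list, ensure that
    // only the FIRST non-private value is used in that case
    // See http://en.wikipedia.org/wiki/X-Forwarded-For#Format
    foreach (explode(',', $forwarded) as $candidate) {
        $candidate = trim($candidate);
        // The header is untrusted text. Only a syntactically valid IP
        // address may replace REMOTE_ADDR or reach the log message below;
        // this also rejects the literal 'unknown' placeholder.
        if (filter_var($candidate, FILTER_VALIDATE_IP) === false) {
            continue;
        }
        // Skip private network addresses
        if (MAX_remotehostPrivateAddress($candidate)) {
            continue;
        }
        // Set the "real" remote IP address, and unset
        // the remote host (as it will be wrong for the
        // newly found IP address) and HTTP_VIA header
        // (so that we don't accidentally do this twice)
        $_SERVER['REMOTE_ADDR'] = $candidate;
        $_SERVER['REMOTE_HOST'] = '';
        $_SERVER['HTTP_VIA'] = '';
        OX_Delivery_logMessage('real address set to ' . $candidate, 7);
        break;
    }
}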
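/**
 * Replaces $_SERVER['REMOTE_ADDR'] with an address taken from the
 * proxy-forwarding request headers when the viewer appears to have come
 * through an HTTP proxy. Does nothing unless
 * $conf['logging']['proxyLookup'] is set.
 *
 * The forwarding headers are request data: this function does not verify
 * that the connecting peer is a trusted proxy, so the resulting
 * REMOTE_ADDR is only as trustworthy as whatever sits in front of this
 * code and filters those headers.
 *
 * Side effects: may overwrite $_SERVER['REMOTE_ADDR'] and blank
 * $_SERVER['REMOTE_HOST'] and $_SERVER['HTTP_VIA'].
 *
 * @return void
 */
function MAX_remotehostProxyLookup()
{
    $conf = $GLOBALS['_MAX']['CONF'];
    if ($conf['logging']['proxyLookup']) {
        OX_Delivery_logMessage('checking remote host proxy', 7);

        // A Via or X-Forwarded-For header, or a proxy-like reverse host
        // name, marks the request as proxied
        $proxy = false;
        if (!empty($_SERVER['HTTP_VIA']) || !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $proxy = true;
        } elseif (!empty($_SERVER['REMOTE_HOST'])) {
            $aProxyHosts = array('proxy', 'cache', 'inktomi');
            foreach ($aProxyHosts as $proxyName) {
                if (strpos($_SERVER['REMOTE_HOST'], $proxyName) !== false) {
                    $proxy = true;
                    break;
                }
            }
        }

        if ($proxy) {
            OX_Delivery_logMessage('proxy detected', 7);

            // Only the first non-empty header in this order is consulted
            $aHeaders = array('HTTP_FORWARDED', 'HTTP_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP');
            $headerValue = '';
            foreach ($aHeaders as $header) {
                if (!empty($_SERVER[$header])) {
                    $headerValue = $_SERVER[$header];
                    break;
                }
            }

            if (!empty($headerValue)) {
                // The value may be a comma-separated list; the first entry
                // that is a valid, non-private address is used
                foreach (explode(',', $headerValue) as $entry) {
                    $entry = trim($entry);
                    // Untrusted header text: anything that is not a
                    // well-formed IP address (including 'unknown') must
                    // never be copied into REMOTE_ADDR or the log line
                    $isAddress = filter_var($entry, FILTER_VALIDATE_IP) !== false;
                    if ($isAddress && !MAX_remotehostPrivateAddress($entry)) {
                        $_SERVER['REMOTE_ADDR'] = $entry;
                        // REMOTE_HOST belonged to the proxy; clearing
                        // HTTP_VIA keeps a second call from redoing this
                        $_SERVER['REMOTE_HOST'] = '';
                        $_SERVER['HTTP_VIA'] = '';
                        OX_Delivery_logMessage('real address set to ' . $entry, 7);
                        break;
                    }
                }
            }
        }
    }
}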
/**
 * Tests MAX_remotehostPrivateAddress(): addresses expected to be reported
 * as private must yield true, all others false.
 */
function test_MAX_remotehostPrivateAddress()
{
    // Loopback, a 10.x address, and both ends of 172.16.0.0 - 172.31.255.255
    $aPrivate = array('127.0.0.1', '127.10.0.2', '10.1.0.23', '172.16.0.0', '172.31.255.255');
    foreach ($aPrivate as $address) {
        $this->assertTrue(MAX_remotehostPrivateAddress($address));
    }

    // One address on either side of the 172.16 - 172.31 range, plus a
    // public address
    $aPublic = array('172.15.255.255', '172.32.0.1', '8.8.8.8');
    foreach ($aPublic as $address) {
        $this->assertFalse(MAX_remotehostPrivateAddress($address));
    }

    // NOTE(review): nothing here exercises 192.168.0.0/16 or malformed /
    // non-IPv4 input, both of which can arrive via forwarding headers.
}
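/**
 * A function to convert the $_SERVER['REMOTE_ADDR'] global variable
 * from the current value to the real remote viewer's value, should
 * that viewer be coming via an HTTP proxy.
 *
 * Only performs this conversion if the option to do so is set in the
 * configuration file ($conf['logging']['proxyLookup']).
 *
 * Security note: the headers consulted here are part of the request and
 * this function does not check that the connecting peer is a proxy the
 * operator trusts, so with the option enabled REMOTE_ADDR can be
 * influenced by the viewer. Only the last entry of a list is considered.
 *
 * The ###START_STRIP_DELIVERY / ###END_STRIP_DELIVERY lines are kept
 * verbatim on their own lines; they look like build markers around the
 * debug calls -- confirm against the build tooling before moving them.
 *
 * Side effects: may overwrite $_SERVER['REMOTE_ADDR'] and blank
 * $_SERVER['REMOTE_HOST'] and $_SERVER['HTTP_VIA'].
 *
 * @return void
 */
function MAX_remotehostProxyLookup()
{
    $conf = $GLOBALS['_MAX']['CONF'];
    // Should proxy lookup conversion be performed?
    if ($conf['logging']['proxyLookup']) {
        ###START_STRIP_DELIVERY
        if ($conf['deliveryLog']['enabled']) {
            OA::debug('checking remote host proxy');
        }
        ###END_STRIP_DELIVERY
        // Determine if the viewer has come via an HTTP proxy
        $proxy = false;
        if (!empty($_SERVER['HTTP_VIA']) || !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $proxy = true;
        } elseif (!empty($_SERVER['REMOTE_HOST'])) {
            $aProxyHosts = array('proxy', 'cache', 'inktomi');
            foreach ($aProxyHosts as $proxyName) {
                if (strpos($_SERVER['REMOTE_HOST'], $proxyName) !== false) {
                    $proxy = true;
                    break;
                }
            }
        }
        // Has the viewer come via an HTTP proxy?
        if ($proxy) {
            ###START_STRIP_DELIVERY
            if ($conf['deliveryLog']['enabled']) {
                OA::debug('proxy detected');
            }
            ###END_STRIP_DELIVERY
            // Try to find the "real" IP address the viewer has come from;
            // the first non-empty header in this order is the only one used
            $aHeaders = array('HTTP_FORWARDED', 'HTTP_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP');
            $forwarded = '';
            foreach ($aHeaders as $header) {
                if (!empty($_SERVER[$header])) {
                    $forwarded = $_SERVER[$header];
                    break;
                }
            }
            if (!empty($forwarded)) {
                // The "remote IP" may be a list, ensure that
                // only the last item is used in that case
                $aEntries = explode(',', $forwarded);
                $ip = trim($aEntries[count($aEntries) - 1]);
                // The header is untrusted text: accept it only if it is a
                // syntactically valid IP address (this also rejects
                // 'unknown') and not a private network address
                if (filter_var($ip, FILTER_VALIDATE_IP) !== false && !MAX_remotehostPrivateAddress($ip)) {
                    // Set the "real" remote IP address, and unset
                    // the remote host (as it will be wrong for the
                    // newly found IP address) and HTTP_VIA header
                    // (so that we don't accidentally do this twice)
                    $_SERVER['REMOTE_ADDR'] = $ip;
                    $_SERVER['REMOTE_HOST'] = '';
                    $_SERVER['HTTP_VIA'] = '';
                    ###START_STRIP_DELIVERY
                    if ($conf['deliveryLog']['enabled']) {
                        OA::debug('real address set to ' . $ip);
                    }
                    ###END_STRIP_DELIVERY
                }
            }
        }
    }
}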